symphonycms / symphony-3

Symphony 3.0 ftw
http://symphony-cms.com
MIT License

S3 should block the direct viewing of any XML/XSLT files #27

Open allen opened 14 years ago

allen commented 14 years ago

From Nick Dunn:

From our discussion about visibility of XML/XSLT at the Symposium (particularly after realisation they're open on Westminster!) I would think S3 should block the direct viewing of any XML/XSLT files. I think Alistair toyed with an .htaccess rule in 2.0.8 to deny the serving of files from /manifest except for those within /manifest/cache.

In my opinion S3 should therefore deny files from the following:

- /manifest/* (except /cache)
- /workspace/data-sources
- /workspace/sections
- /workspace/utilities
- /workspace/views

allen commented 14 years ago

From Alistair:

Correct. Should be able to do this via individual .htaccess files in the folder with deny from all or maybe in the root .htaccess. Need to investigate. Will potentially require changes to the installer to create these files on install.
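The per-directory approach discussed above, sketched as an installer-style shell step. This is an added example, not part of the thread or of Symphony's code: the function names are hypothetical, and it assumes Apache with an `AllowOverride` setting that permits access-control directives in `.htaccess`.

```shell
#!/bin/sh
# Added example (not Symphony code): write per-directory .htaccess files for the
# paths listed in the issue, then audit them. Function names are hypothetical.

# Covers both Apache 2.4 (mod_authz_core) and the older 2.2 syntax.
DENY_RULES='<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>'

# /manifest/cache is the one exception: re-open it below the denied /manifest.
ALLOW_RULES='<IfModule mod_authz_core.c>
    Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>'

PROTECTED_DIRS='manifest workspace/data-sources workspace/sections workspace/utilities workspace/views'

write_rules() {  # $1 = directory, $2 = rules; never clobbers an existing file
    mkdir -p "$1" || return 1
    if [ -e "$1/.htaccess" ]; then
        echo "kept existing $1/.htaccess" >&2
        return 0
    fi
    printf '%s\n' "$2" > "$1/.htaccess"
}

protect_symphony_root() {  # $1 = install root
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    for dir in $PROTECTED_DIRS; do
        write_rules "$1/$dir" "$DENY_RULES" || return 1
    done
    write_rules "$1/manifest/cache" "$ALLOW_RULES"
}

audit_symphony_root() {  # $1 = install root; non-zero if any directory lacks a deny rule
    missing=0
    for dir in $PROTECTED_DIRS; do
        grep -qs 'Require all denied' "$1/$dir/.htaccess" || { echo "unprotected: $dir"; missing=1; }
    done
    return $missing
}
```

The audit only checks that the files are present; whether Apache honours them depends on `AllowOverride`, so requesting one of the protected files over HTTP and confirming a 403 is the real check.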